Overview

overview

10

Static

static

3

GOLAYA-TOPLESS.exe

windows7-x64

8

GOLAYA-TOPLESS.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74ff743720861d8df6ef4c544a5e9fde

  • Size

    78KB

  • Sample

    240125-t76jjaahd7

  • MD5

    74ff743720861d8df6ef4c544a5e9fde

  • SHA1

    7f16a341dd213a72a17b4a3c98687da2490b7845

  • SHA256

    fd7528d99301b85f7bba5d0a6e3a72afa7924123bec10cb91cf8dccb22c7603c

  • SHA512

    b100dc560df2cac9df04e67e31777e270c02a6a1d060a315e805d4ff594e50f4762dfde30656502a496488a21a22f33ed389ae65d9cd9bae3dbfcec516bff092

  • SSDEEP

    1536:mQwfwimgTY23tG90wIsWfHlWKSd+QSqWU5FMQCoFuJlmSKV/I0JZXdLxoSg5Kgm2:mnoimg13tG90HdQ3Sqt2oFUU5/IOBdLW

Score
10/10
kinsingloader

Malware Config

Targets

    • Target

      GOLAYA-TOPLESS.exe

    • Size

      180KB

    • MD5

      55e47874ef9912a4309c4c90af7b67f8

    • SHA1

      bda07533ed744d3c78ee34ab416d883504212e3e

    • SHA256

      c3199ed5f9a3d4e51e4ff8287875a04a91602e348dcef11c403e90d96eea59f7

    • SHA512

      d01550350e18c0507e8f45e1a970cfd6bfa910c2a334fe65ffc26f7347e9b967906a950bd6918fa2c19aebfdf087f2f82bf3a47e96af1ef903697d3672edad36

    • SSDEEP

      3072:TBAp5XhKpN4eOyVTGfhEClj8jTk+0h6ejmo:+bXE9OiTGfhEClq9dejD

    Score
    10/10
    kinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks